On Mon, Jul 14, 2003 at 01:02:33AM -0400, bda wrote: > On Sun, Jul 13, 2003 at 11:55:45PM -0400, Matt Zimmerman wrote: > > If the user can read files in /tmp, they can execute the code in them. What > > problem is noexec /tmp supposed to solve? > > In the event that the machine gets popped (depending on the vector of > attack), it makes it that much more difficult for the intruder to run > exploits on the machine, as it's possible that they cannot write to any > directory but /tmp. (This is admittedly unlikely as if they're > exploiting a service, that service can mostly likely write SOMEWHERE, > which allows for the execution of code; ignoring the fact that the > attacker has likely already gained the ability to run arbitrary > commands.) > I'd like to agree. noexec almost certainly better than nothing at all! Say for example, something is exploited via a website attack and commands are executed via some PHP code - The attacker hasn't got a shell and can't see what's going on so noexec may fool them in to thinking the security is /too/ good, their code doesn't work etc. and they'll leave it. ..as I said, better than nothing. On a side note: For those people who have made /tmp part of / (i.e. /tmp isn't a partition and isn't mounted).. I created a file using dd and /dev/zero of around 20Mb. Then used mkfs to make it in to a file system and mounted it as /tmp with noexec and other permissions. Although I believe there is tmpfs for this? > It may seem like putting a pebble in front of a tank, but the only > defense we have is a many-layered security policy. Security by obscurity isn't it? At least you'd have the little bit of extra padding there. Regards, David. -- .''`. David Ramsden <firstname.lastname@example.org> : :' : http://david.hexstream.eu.org/ `. `'` PGP key ID: 507B379B on wwwkeys.pgp.net `- Debian - when you have better things to do than to fix a system.
Description: PGP signature